CVE-2020-25687

EPSS 86.8% · CWE-122
In short

A flaw in dnsmasq allows a remote attacker to crash the DNS service by sending specially crafted DNS replies when DNSSEC validation is enabled. This happens because the software doesn't properly check the length of data before copying it to memory.

Technical detail

A heap-based buffer overflow in dnsmasq occurs when DNSSEC is enabled, before the received DNS entries are validated. Missing length checks in the extract_name() function (rfc1035.c) can be abused to make sort_rrset() call memcpy() with a negative size, which crashes dnsmasq and causes a denial of service. Exploitation requires the ability to craft valid DNS replies.

Summary generated and translated by AI from the official description.
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Affected products
n/a · dnsmasq
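
The two conditions in the description (a dnsmasq release before 2.83 and DNSSEC enabled) can be checked on a host with a short script. This is an added example, not part of the advisory or of dnsmasq; the function names, the sample banner and the sample configuration are constructed for illustration, and the config path in the final comment is an assumption.

```shell
#!/bin/sh
# Exposure check for CVE-2020-25687: dnsmasq older than 2.83 with DNSSEC enabled.
FIXED_MAJOR=2
FIXED_MINOR=83   # first fixed release according to the description above

# Extract "MAJOR.MINOR" from the banner printed by `dnsmasq --version`.
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeeds when the given MAJOR.MINOR is older than the fixed release.
is_outdated() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -lt "$FIXED_MAJOR" ] && return 0
    [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]
}

# Succeeds when the config text on stdin has an active, bare "dnssec" line.
# Commented-out lines and longer options (dnssec-check-unsigned) are not matched.
dnssec_enabled() {
    grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$'
}

# assess BANNER CONFIG_TEXT -> prints patched | exposed | outdated | unknown
assess() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    if ! is_outdated "$ver"; then echo patched
    elif printf '%s\n' "$2" | dnssec_enabled; then echo exposed
    else echo outdated
    fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER='Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley'
SAMPLE_CONF='# upstream resolver
server=192.0.2.53
dnssec
dnssec-check-unsigned'

echo "sample host: $(assess "$SAMPLE_BANNER" "$SAMPLE_CONF")"
# On a real host: assess "$(dnsmasq --version)" "$(cat /etc/dnsmasq.conf)"
```

Distribution packages may carry a backported fix under an older version number, so treat "exposed" as a prompt to check the vendor's advisory. The script does not follow conf-dir or conf-file includes and does not see a --dnssec flag passed on the command line.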